Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Description:

The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain utilities and documentation for configuring a machine for the Controlled Access Protection Profile, or the Labeled Security Protection Profile.

It was discovered that use of the "capp-lspp-config" script results in the "/etc/pam.d/system-auth" file being set to world-writable. Authorized local users who have limited privileges could then exploit this to gain additional access, or to escalate their privileges. (CVE-2008-0884)
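To check whether a deployed system is in the state described above, the following added example (not part of the advisory, and not the restore command it refers to) lists world-writable files under a PAM configuration directory. The function name `audit_pam_dir` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report world-writable files in a PAM configuration directory.
# audit_pam_dir is a hypothetical helper name, not a tool shipped by the packages.
#
# Return codes (chosen for this example):
#   0 = no world-writable files, 1 = at least one finding, 2 = directory missing
audit_pam_dir() {
    pam_dir="${1:-/etc/pam.d}"
    if [ ! -d "$pam_dir" ]; then
        echo "audit_pam_dir: not a directory: $pam_dir" >&2
        return 2
    fi

    # -L follows symlinks, so the mode tested is that of the file PAM
    # actually reads in case an entry is a symlink to another file.
    # -perm -0002 matches any file whose "other" write bit is set.
    pam_hits=$(find -L "$pam_dir" -type f -perm -0002 -print 2>/dev/null)

    if [ -z "$pam_hits" ]; then
        echo "OK: no world-writable files under $pam_dir"
        return 0
    fi

    # Show mode and owner for each finding so it can be reviewed.
    echo "$pam_hits" | while IFS= read -r pam_file; do
        echo "WORLD-WRITABLE: $(ls -ldL "$pam_file")"
    done
    return 1
}

# Run as: sh audit_pam.sh /etc/pam.d
if [ "$#" -gt 0 ]; then
    audit_pam_dir "$1"
fi
```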

This issue only affects users who have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script.

New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp packages are advised to upgrade to these updated packages, which resolve this issue.

For systems already deployed, the following command can be run as root to restore the permissions to a secure setting: